Wednesday, 29 December 2021

RIPTA data breach compromises unexplained PII

Discrepancies in who and how many individuals were affected by a recent data breach of the Rhode Island Public Transit Authority may be resolved by an ongoing cyber investigation.



from Cyber Security News https://ift.tt/3qrTd4g

Listen to Michael Welch on how to address fourth-party risks and improve supply chain security in our latest The Security Podcasts episode

Listen to the latest edition of The Security Podcasts as we sit down with Michael Welch, Managing Director of Strategy and Risk at MorganFranklin Consulting, to discuss the growing challenges of fourth-party risks, why they're important, and how organizations can mitigate their impacts.



from Cyber Security News https://ift.tt/3z6mMMZ

Tuesday, 28 December 2021

John Sherman named Department of Defense CIO

John Sherman has been named the Chief Information Officer (CIO) for the Department of Defense (DoD) following a year of service as Acting DoD CIO.



from Cyber Security News https://ift.tt/3sJw5kD

Monday, 27 December 2021

5 minutes with Oliver Tavakoli: Remote and hybrid work strategies for increased enterprise security

Security chats with Oliver Tavakoli, CTO at Vectra, a California-based AI cybersecurity company, about the future of remote work and cybersecurity risk management frameworks security leaders should rely on to ensure proper security during the next year.



from Cyber Security News https://ift.tt/3Hf8E6L

Six ways to reduce cyber risk in the C-suite

A report from Sapien Cyber, "The C-Suite's Guide to Cyber Risks," highlights changes that boardrooms can make to better prioritize cybersecurity.





from Cyber Security News https://ift.tt/3qLNuH1

Growing data privacy enforcement on the horizon

Data privacy leaders from the International Association of Privacy Professionals (IAPP) highlight what to expect in the field, from increased privacy regulations to global data management practices.



from Cyber Security News https://ift.tt/340YLLM

Friday, 24 December 2021

Security magazine's Top 10 web exclusives

The Security team compiled this year's top web exclusive articles — all of which were contributed by security and risk experts.



from Cyber Security News https://ift.tt/3qp8l2l

Wednesday, 22 December 2021

RSAC postponed due to health and safety concerns

The 2022 RSA Conference has been postponed to June 2022 due to COVID-19 concerns.



from Cyber Security News https://ift.tt/3ejeaJi

SANS holiday hack challenge adds in log4j bonus challenge

The SANS Institute has announced the addition of a log4j security vulnerability bonus challenge to the 2021 SANS Holiday Hack Challenge. 



from Cyber Security News https://ift.tt/3ecZ0VX

Cyber strategy should consider more than compliance

The "Beyond the Cyber EO: How to Build a Better Mousetrap" report from MeriTalk asked federal cybersecurity leaders for their thoughts on the May 2021 executive order on cybersecurity and how the field can move forward.



from Cyber Security News https://ift.tt/32lyua5

Tal Weitzman named CIO at Medecision

Tal Weitzman, a leader in healthcare IT and financial services, will join Medecision as the new Chief Information Officer (CIO).



from Cyber Security News https://ift.tt/3ee20Bg

Top 15 cybersecurity predictions for 2022

As you build your roadmap for the year ahead, security and risk experts offer 15 cybersecurity predictions for 2022.



from Cyber Security News https://ift.tt/3ewtJxr

Tuesday, 21 December 2021

How cyber underwriters can better respond to the current cyber pandemic

With cybercrime on the rise, below are a few ways that underwriters can provide more comprehensive cyber insurance.



from Cyber Security News https://ift.tt/30Nbkca

Why so many cybersecurity attacks still start with an email

As attackers continue to advance and increase their sophistication levels, legacy email security technologies no longer provide sufficient protection for organizations.



from Cyber Security News https://ift.tt/3efnI83

CISA & FBI share holiday safety PSA

The Cybersecurity and Infrastructure Security Agency (CISA), in partnership with the Federal Bureau of Investigation (FBI), launched a joint public service announcement (PSA) sharing clear actions to stay cybersecure this holiday season. 



from Cyber Security News https://ift.tt/3Fu8cRu

What’s next after Log4j?

It’s hard to know how many systems are already compromised by the log4j security vulnerability. It may take months or even years until we know if most critical systems were patched in time.



from Cyber Security News https://ift.tt/3JaoQIo

Four steps to build and retain a solid cybersecurity team during a labor shortage

Here are four steps to consider when building or improving your existing culture and recruiting practices.  



from Cyber Security News https://ift.tt/3pgScgd

Monday, 20 December 2021

Researchers discover alternative local attack vector in Log4j

The Blumira research team has discovered an alternative attack vector in the Log4j vulnerability that relies on a basic JavaScript WebSocket connection to trigger the RCE locally via drive-by compromise.



from Cyber Security News https://ift.tt/3J5VWcf

7 essential capabilities to consider when evaluating ERP security, risk and compliance solutions

Here are seven questions to ask vendors to guide your organization's evaluation of enterprise resource planning (ERP) application security, risk and compliance solutions and help them understand which features are genuinely the most valuable.



from Cyber Security News https://ift.tt/3pbzAhy

Friday, 17 December 2021

Peacetime PSIRT activities boost security

Let's look at how to get the most out of your Product Security Incident Response Team (PSIRT) investment.



from Cyber Security News https://ift.tt/3e23KNT

5 tips for a stronger cybersecurity posture for retailers

As retailers prepare for one of the busiest times of the year, let’s discuss some of the challenges and priorities to consider now to manage the evolving cybersecurity landscape ahead of the holidays.



from Cyber Security News https://ift.tt/3meQAl3

Key takeaways from the Log4Shell vulnerability

As many have seen, the Log4Shell vulnerability, which was discovered over the weekend, is an extremely serious flaw and will likely impact organizations for years to come. Here’s what we know thus far, and how enterprises can remain safe as this vulnerability persists.
 



from Cyber Security News https://ift.tt/3F8gHl5

Thursday, 16 December 2021

The 4 tenets of Scottish AI adoption

Albert King, the Chief Data Officer of the Scottish Government, discussed the key aspects involved in Scotland's artificial intelligence (AI) strategy in a session of Cognilytica's AI in Government speaker series. The country prioritizes data as a means to improve decision-making and enable national goals.



from Cyber Security News https://ift.tt/3F7ZAQv

Log4j worm fears arise

Cybersecurity leaders are concerned that attackers could further weaponize the Log4j security vulnerability by creating a "worm" that spreads automatically from one vulnerable device to another. 



from Cyber Security News https://ift.tt/33BEsnZ

Most risk-based vulnerability management programs ineffective

A Vulcan Cyber study highlights the struggle of IT security teams to transition from simple vulnerability identification to meaningful response and mitigation, limiting the risk insights business leaders and IT management professionals need to effectively protect valuable business assets.



from Cyber Security News https://ift.tt/3yvfySm

Anubis campaign targets hundreds of financial apps

Lookout Threat Labs researchers have discovered a distribution of the Anubis Android banking malware that is masquerading as the official account management application from Orange S.A., a leading French telecommunications company. 



from Cyber Security News https://ift.tt/3F0Z9Yk

Laura Élan named Director of MxD Cyber

Laura Élan has joined MxD Cyber: The National Center for Cybersecurity in Manufacturing as its new Director. The cybersecurity leader will lead the organization's Cybersecurity Steering Committee.



from Cyber Security News https://ift.tt/3F1Ifsh

It’s not all about the C-suite: How to digitally protect employees

Now more than ever, discussions must be had on digital and cyber protections for employees, not just executives and the C-suite.



from Cyber Security News https://ift.tt/3E0GuKP

Data security is critical to your organization’s reputation strategy

The first step in creating a complete data security plan is to know what types of data the company collects, where it is stored, and with whom and how it is shared. Next, the business should determine the potential risks to that data and whether the information resides in electronic or physical form (or both). 



from Cyber Security News https://ift.tt/3mcDzIK

Wednesday, 15 December 2021

SIA releases 2022 Security Megatrends

The Security Industry Association has released its 2022 Security Megatrends, which highlight security topics for business leaders in all industries to watch.



from Cyber Security News https://ift.tt/3EYeskr

Cybersecurity, risk and compliance: What’s in store for 2022?

What should security leaders focus on as they look to 2022? Organizational resilience, reputational risk and cybersecurity all will play major roles in enterprise security.



from Cyber Security News https://ift.tt/3F0sEcL

Tuesday, 14 December 2021

How to execute a successful ransomware tabletop exercise

Check out five tips on how to execute a successful ransomware tabletop exercise, including how to identify key participants and ensure representatives from core business and operations teams are involved.



from Cyber Security News https://ift.tt/3DXEWkT

Find network breaches before they crush your business

If hackers can learn the ins and outs of your network, shouldn’t you beat them to the punch by obtaining deeper visibility and holistic mapping of your network infrastructure and attached applications, services, and devices? 



from Cyber Security News https://ift.tt/30qIbTZ

Current state of security operations center performance

Devo Technology announced the results of its 3rd annual SOC Performance Report (SPR), a survey on the current state of security operations center (SOC) performance.



from Cyber Security News https://ift.tt/3yu8fKv

Chemical security seminars enter last week

The Cybersecurity and Infrastructure Security Agency (CISA) will be hosting the final Chemical Security Seminar of 2021 on December 15, featuring panel discussions on supply chain disruptions, emergency management collaboration, and a workshop to assist chemical industry members in designing their own chemical security exercises.



from Cyber Security News https://ift.tt/3IRFJHu

What businesses look for when outsourcing IT

As most small and medium businesses are forced to figure out ways to do more with less, outsourcing IT is the right choice for many different reasons.



from Cyber Security News https://ift.tt/3yn3532

The 10 worst password offenders of 2021

Compromised passwords led to many data breaches in 2021, a record-breaking year for cyber vulnerabilities. Dashlane compiled the sixth annual "Worst Password Offenders" list, which highlights high-profile cyber incidents.




from Cyber Security News https://ift.tt/3GDqOyE

Monday, 13 December 2021

What cyber insurance costs by sector

A study from AdvisorSmith ranked sectors by their cost of cyber insurance. Organizations in the financial industry reported the highest cyber insurance expenses.



from Cyber Security News https://ift.tt/3qbJMpR

Apache Log4j security flaw presents critical risk to organizations

Threat actors are actively exploiting a critical security flaw in Java logging library Apache Log4j. Log4j is an open-source, Java-based logging utility widely used by enterprise applications and cloud services, meaning many organizations are at risk from threat actors actively exploiting this vulnerability.



from Cyber Security News https://ift.tt/30n7pTn

UK founds cyber resilience center group

The National Cyber Resilience Centre Group (NCRCG) is composed of government and corporate entities working together to ensure cybersecurity across the United Kingdom.



from Cyber Security News https://ift.tt/3s3aKCw

Cyberattacks target IT and communications sector in 2021

The information technology (IT) and communications sector was the most targeted by cyberattacks in 2021, according to data from Darktrace. This marks a shift from 2020, when the financial and insurance sector underwent the highest cyberattack volume.



from Cyber Security News https://ift.tt/3pVAH3Y

Stop operating in the dark — we need continuous, runtime IaaS visibility


It feels like IT and security pros are tasked with the impossible job of operating business-critical applications in Infrastructure as a Service (IaaS) environments in the dark with no ability to monitor and protect them in runtime.



from Cyber Security News https://ift.tt/3dJUJcc

The sneaky security risk of overprovisioning the network

To manage unprecedented demand on the network, IT teams took to overprovisioning, adding additional capacity to the network as a quick fix to maintain connections between employees, stakeholders and customers.



from Cyber Security News https://ift.tt/3ynyZfN

Friday, 10 December 2021

CK Chim named Cybereason Field CSO for Asia Pacific region

CK Chim has been named the new Field Chief Security Officer (CSO) for the Asia Pacific Region at Cybereason.



from Cyber Security News https://ift.tt/31MSDWv

Ben Carr named CISO at Cradlepoint

Ben Carr, an experienced global cybersecurity executive, has been named the new Chief Information Security Officer (CISO) at Cradlepoint.



from Cyber Security News https://ift.tt/3dGZMdi

Thursday, 9 December 2021

2021 breaks the record for security vulnerabilities

The US-CERT Vulnerability database has recorded 18376 vulnerabilities as of December 8, 2021, which exceeds the 2020 record of 18351.



from Cyber Security News https://ift.tt/3DEJBYw

How cybersecurity and executive leaders communicate about ransomware

How do cybersecurity and executive leaders communicate about ransomware? A new (ISC)² study provides insights for cybersecurity professionals into the minds of C-suite executives and how they perceive their organizations’ readiness for ransomware attacks.



from Cyber Security News https://ift.tt/3rRsVuz

The top data breaches of 2021

2021 will be a record-breaking year for data breaches. According to Identity Theft Resource Center (ITRC) research, the total number of data breaches through September 30, 2021 has already exceeded the total number of events in 2020 by 17%. Here, Security magazine brings you a list of 2021’s top 10 data breaches and exposures, and a few other noteworthy mentions.
 



from Cyber Security News https://ift.tt/3IAdxJb

Security in 2022 – Ransomware, APT groups and crypto exchanges pose key challenges

Heading into 2022, business leaders and security professionals have many challenges to deal with. For many, the year ahead will feel like the movie “Groundhog Day,” as most businesses and organizations continue to work to find a proportional response to ransomware.



from Cyber Security News https://ift.tt/3dBUVu4

Wednesday, 8 December 2021

Chris Fallon named CIO at Fortune Brands GPG

Former Starbucks technology executive Chris Fallon has been named the new Chief Information Officer (CIO) at Fortune Brands Global Plumbing Group.



from Cyber Security News https://ift.tt/3Gs5BaU

Preparing for the 2022 fraud threat landscape

Heading into 2022, there are three key areas where security leaders need to be well-versed: innovations in eSkimming methods, intensifying pressure from ransomware campaigns on the payments ecosystem and the supply chain, and sophisticated enumeration attacks that impact the payments ecosystem.



from Cyber Security News https://ift.tt/3dtchcB

Avishai Avivi named CISO at SafeBreach

Avishai “Avi” Avivi has joined SafeBreach as Chief Information Security Officer. Avivi will oversee areas including incident response, security policies and procedures, threat intelligence, information governance, and more.



from Cyber Security News https://ift.tt/31CSKUE

Audit dread has increased from 78% in 2020 to 95% in 2021

How are financial services faring with the ever-increasing challenge of audit overload? A new Telos study explores the challenges financial institutions experience when working on audits. 



from Cyber Security News https://ift.tt/3oyvZK6

Researchers discover GraphQL authorization flaws in fintech SaaS platform

Salt Security released new API threat research from Salt Labs that highlights a GraphQL API authorization vulnerability in a B2B financial technology (FinTech) platform.



from Cyber Security News https://ift.tt/3lMWdGX

Tuesday, 7 December 2021

Ralph Buelling named CIO at UW Credit Union

Ralph Buelling will lead data services and strategic information implementation in his Chief Information Officer (CIO) role at UW Credit Union.



from Cyber Security News https://ift.tt/3lKC4Bn

Den Jones joins Banyan Security as CSO

Banyan Security has named its first Chief Security Officer: Den Jones. The experienced zero trust leader will aid the enterprise's security strategy.



from Cyber Security News https://ift.tt/3ECzBjW

Burnout can lead to security threats, insider risk

The new State of Access report from 1Password found that security professionals who suffer burnout may pose an insider threat to an enterprise.



from Cyber Security News https://ift.tt/3dt54cl

NSA, CISA release final 5G Cybersecurity Guidance

Enduring Security Framework (ESF) experts from the National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) published the third installment of guidance to protect the confidentiality, integrity and availability of data within a 5G core cloud infrastructure.



from Cyber Security News https://ift.tt/331Sf6R

Protecting school devices in the age of digital learning

Although the increased mobility and the ‘learn-from-anywhere’ environment are both positive outcomes, the IT teams who support school districts are faced with the very real challenge of being able to track and manage much larger volumes of valuable assets that are now well outside the security of a school’s network.



from Cyber Security News https://ift.tt/3lJRq9f

Monday, 6 December 2021

FBI finds ransomware targeting critical infrastructure

The Federal Bureau of Investigation (FBI) has issued an alert on "Cuba" ransomware, which has launched cyberattacks against 49 critical infrastructure organizations.



from Cyber Security News https://ift.tt/3dq1kIB

Friday, 3 December 2021

John Edwards named CIO of WTS International

WTS International, a hospitality provider, has appointed John Edwards as the new Chief Information Officer (CIO).



from Cyber Security News https://ift.tt/3GbwVtR

Thursday, 2 December 2021

CISA, FBI release alert on Zoho vulnerability

CISA and the Federal Bureau of Investigation (FBI) have released a joint Cybersecurity Advisory identifying active exploitation of a vulnerability — CVE-2021-44077 — in Zoho ManageEngine ServiceDesk Plus.



from Cyber Security News https://ift.tt/3lvu2MR

Data from 400,000 Planned Parenthood patients compromised

Planned Parenthood Los Angeles has suffered a data breach that compromised the information of over 400,000 patients.



from Cyber Security News https://ift.tt/3DhFYri

Researchers take down scams targeting US military families

Threat intelligence researchers have taken down phishing scams that are actively targeting U.S. military personnel. 



from Cyber Security News https://ift.tt/3og0ft0

CISA names 23 members to new Cybersecurity Advisory Committee

Jen Easterly, Director of the Cybersecurity and Infrastructure Security Agency (CISA), announced the appointment of the first 23 members of the Agency’s new Cybersecurity Advisory Committee, a group that will advise and provide recommendations to the Director on policies, programs, planning, and training to enhance the nation’s cyber defense.



from Cyber Security News https://ift.tt/3ogIb2c

What Microsoft’s shift to passwordless means for cybersecurity

Passwordless security solutions are here — but are all enterprise organizations ready to implement them?



from Cyber Security News https://ift.tt/3FZqIBk

Wednesday, 1 December 2021

Panasonic discloses data breach

Panasonic disclosed a data breach after detecting unauthorized access in its network.



from Cyber Security News https://ift.tt/3EeRrcG